cve-2019-5611
Vulnerability from cvelistv5
Published
2019-08-29 21:37
Modified
2024-08-04 20:01
Severity ?
Summary
In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r350829, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, a missing check in the function to arrange data in a chain of mbufs could cause data returned not to be contiguous. Extra checks in the IPv6 stack could catch the error condition and trigger a kernel panic, leading to a remote denial of service.
References
secteam@freebsd.orghttp://packetstormsecurity.com/files/154170/FreeBSD-Security-Advisory-FreeBSD-SA-19-22.mbuf.htmlExploit, Patch, Third Party Advisory, VDB Entry
secteam@freebsd.orghttps://seclists.org/bugtraq/2019/Aug/33Exploit, Mailing List, Patch, Third Party Advisory
secteam@freebsd.orghttps://security.FreeBSD.org/advisories/FreeBSD-SA-19:22.mbuf.ascPatch, Vendor Advisory
secteam@freebsd.orghttps://security.FreeBSD.org/advisories/FreeBSD-SA-19:22.mbuf.ascPatch, Vendor Advisory
secteam@freebsd.orghttps://security.netapp.com/advisory/ntap-20190910-0002/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/154170/FreeBSD-Security-Advisory-FreeBSD-SA-19-22.mbuf.htmlExploit, Patch, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/bugtraq/2019/Aug/33Exploit, Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.FreeBSD.org/advisories/FreeBSD-SA-19:22.mbuf.ascPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.FreeBSD.org/advisories/FreeBSD-SA-19:22.mbuf.ascPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20190910-0002/Third Party Advisory
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:01:51.948Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FreeBSD-SA-19:22",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:22.mbuf.asc"
          },
          {
            "name": "20190821 FreeBSD Security Advisory FreeBSD-SA-19:22.mbuf",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Aug/33"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/154170/FreeBSD-Security-Advisory-FreeBSD-SA-19-22.mbuf.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:22.mbuf.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190910-0002/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FreeBSD",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "12.0-RELEASE before 12.0-RELEASE-p10"
            },
            {
              "status": "affected",
              "version": "11.3-RELEASE before 11.3-RELEASE-p3"
            },
            {
              "status": "affected",
              "version": "11.2-RELEASE before 11.2-RELEASE-p14"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r350829, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, a missing check in the function to arrange data in a chain of mbufs could cause data returned not to be contiguous. Extra checks in the IPv6 stack could catch the error condition and trigger a kernel panic, leading to a remote denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper check for unusual conditions",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-09-10T14:06:15",
        "orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
        "shortName": "freebsd"
      },
      "references": [
        {
          "name": "FreeBSD-SA-19:22",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:22.mbuf.asc"
        },
        {
          "name": "20190821 FreeBSD Security Advisory FreeBSD-SA-19:22.mbuf",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Aug/33"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/154170/FreeBSD-Security-Advisory-FreeBSD-SA-19-22.mbuf.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:22.mbuf.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190910-0002/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secteam@freebsd.org",
          "ID": "CVE-2019-5611",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "FreeBSD",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "12.0-RELEASE before 12.0-RELEASE-p10"
                          },
                          {
                            "version_value": "11.3-RELEASE before 11.3-RELEASE-p3"
                          },
                          {
                            "version_value": "11.2-RELEASE before 11.2-RELEASE-p14"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r350829, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, a missing check in the function to arrange data in a chain of mbufs could cause data returned not to be contiguous. Extra checks in the IPv6 stack could catch the error condition and trigger a kernel panic, leading to a remote denial of service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper check for unusual conditions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "FreeBSD-SA-19:22",
              "refsource": "FREEBSD",
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:22.mbuf.asc"
            },
            {
              "name": "20190821 FreeBSD Security Advisory FreeBSD-SA-19:22.mbuf",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Aug/33"
            },
            {
              "name": "http://packetstormsecurity.com/files/154170/FreeBSD-Security-Advisory-FreeBSD-SA-19-22.mbuf.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/154170/FreeBSD-Security-Advisory-FreeBSD-SA-19-22.mbuf.html"
            },
            {
              "name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:22.mbuf.asc",
              "refsource": "CONFIRM",
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:22.mbuf.asc"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190910-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190910-0002/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
    "assignerShortName": "freebsd",
    "cveId": "CVE-2019-5611",
    "datePublished": "2019-08-29T21:37:31",
    "dateReserved": "2019-01-07T00:00:00",
    "dateUpdated": "2024-08-04T20:01:51.948Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:11.2:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"3ACD1D8D-B3BC-4E99-B846-90A4071DB87B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:11.2:p10:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A8A5CDA-E099-47BA-A0C0-2F79C0432156\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:11.2:p11:*:*:*:*:*:*\", \"matchCriteriaId\": \"9AF6EBB1-EADE-41E2-A47B-0EC20F0C9899\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:11.2:p12:*:*:*:*:*:*\", \"matchCriteriaId\": \"63721E89-F453-423F-B34B-07B44C85A052\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:11.2:p13:*:*:*:*:*:*\", \"matchCriteriaId\": \"34134EDA-127A-48E2-B630-94DEF14666A9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:11.2:p2:*:*:*:*:*:*\", \"matchCriteriaId\": \"699FE432-8DF0-49F1-A98B-0E19CE01E5CE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:11.2:p3:*:*:*:*:*:*\", \"matchCriteriaId\": \"20B06752-39EE-4600-AC1F-69FB9C88E2A8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:11.2:p4:*:*:*:*:*:*\", \"matchCriteriaId\": \"22365F7C-2B00-4B61-84E8-EFBA3B8CFDC0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:11.2:p5:*:*:*:*:*:*\", \"matchCriteriaId\": \"E86CD544-86C4-4D9D-9CE5-087027509EDA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:11.2:p6:*:*:*:*:*:*\", \"matchCriteriaId\": \"64E47AE7-BB45-428E-90E9-38BFDFF23650\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:11.2:p7:*:*:*:*:*:*\", \"matchCriteriaId\": \"586B9FA3-65A2-41EB-A848-E4A75565F0CA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:11.2:p8:*:*:*:*:*:*\", \"matchCriteriaId\": \"1164B48E-2F28-43C5-9B7B-546EAE12E27D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:11.2:p9:*:*:*:*:*:*\", \"matchCriteriaId\": \"F0B15B89-3AD2-4E03-9F47-DA934702187B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:11.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"528F64CB-7A82-45C0-87CD-74EB975CC0BC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:11.3:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"F35957CE-AF9F-40CA-BDD1-FA6A0E73783F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:11.3:p1:*:*:*:*:*:*\", \"matchCriteriaId\": \"EA929713-B797-494A-853D-C121D9D69519\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:11.3:p2:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C3D8EDC-91D3-45B2-AC1D-EF4346D4A714\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:11.3:p3:*:*:*:*:*:*\", \"matchCriteriaId\": \"EA5006FF-06A5-4D95-BF5B-29F26248D11F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:12.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"826B53C2-517F-4FC6-92E8-E7FCB24F91B4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:12.0:p1:*:*:*:*:*:*\", \"matchCriteriaId\": \"93F10A46-AEF2-4FDD-92D6-0CF07B70F986\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:12.0:p3:*:*:*:*:*:*\", \"matchCriteriaId\": \"C4029113-130F-4A33-A8A0-BC3E74000378\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:12.0:p4:*:*:*:*:*:*\", \"matchCriteriaId\": \"46C5A6FD-7BBF-4E84-9895-8EE14DC846E4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:12.0:p5:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D71D083-3279-4DF4-91E1-38C373DD062F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:12.0:p8:*:*:*:*:*:*\", \"matchCriteriaId\": \"3070787D-76E1-4671-B99D-213F7103B3A2\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1FE996B1-6951-4F85-AA58-B99A379D2163\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r350829, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, a missing check in the function to arrange data in a chain of mbufs could cause data returned not to be contiguous. Extra checks in the IPv6 stack could catch the error condition and trigger a kernel panic, leading to a remote denial of service.\"}, {\"lang\": \"es\", \"value\": \"En FreeBSD versi\\u00f3n 12.0-STABLE anterior a r350828, versi\\u00f3n 12.0-RELEASE anterior a 12.0-RELEASE-p10, versi\\u00f3n 11.3-STABLE anterior a r350829, versi\\u00f3n 11.3-RELEASE anterior a 11.3-RELEASE-p3, y versi\\u00f3n 11.2-RELEASE anterior a 11.2-RELEASE-p14, una falta de comprobaci\\u00f3n en la funci\\u00f3n para organizar los datos en una cadena de mbufs podr\\u00eda causar que los datos devueltos no sean contiguos. Las comprobaciones adicionales en la pila de IPv6 podr\\u00edan detectar la condici\\u00f3n de error y desencadenar un p\\u00e1nico del kernel, conllevando a una denegaci\\u00f3n de servicio remoto.\"}]",
      "id": "CVE-2019-5611",
      "lastModified": "2024-11-21T04:45:14.047",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:C\", \"baseScore\": 7.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-08-30T09:15:20.943",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/154170/FreeBSD-Security-Advisory-FreeBSD-SA-19-22.mbuf.html\", \"source\": \"secteam@freebsd.org\", \"tags\": [\"Exploit\", \"Patch\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/Aug/33\", \"source\": \"secteam@freebsd.org\", \"tags\": [\"Exploit\", \"Mailing List\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://security.FreeBSD.org/advisories/FreeBSD-SA-19:22.mbuf.asc\", \"source\": \"secteam@freebsd.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://security.FreeBSD.org/advisories/FreeBSD-SA-19:22.mbuf.asc\", \"source\": \"secteam@freebsd.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20190910-0002/\", \"source\": \"secteam@freebsd.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/154170/FreeBSD-Security-Advisory-FreeBSD-SA-19-22.mbuf.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/Aug/33\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Mailing List\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://security.FreeBSD.org/advisories/FreeBSD-SA-19:22.mbuf.asc\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://security.FreeBSD.org/advisories/FreeBSD-SA-19:22.mbuf.asc\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20190910-0002/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "secteam@freebsd.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-5611\",\"sourceIdentifier\":\"secteam@freebsd.org\",\"published\":\"2019-08-30T09:15:20.943\",\"lastModified\":\"2024-11-21T04:45:14.047\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r350829, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, a missing check in the function to arrange data in a chain of mbufs could cause data returned not to be contiguous. Extra checks in the IPv6 stack could catch the error condition and trigger a kernel panic, leading to a remote denial of service.\"},{\"lang\":\"es\",\"value\":\"En FreeBSD versi\u00f3n 12.0-STABLE anterior a r350828, versi\u00f3n 12.0-RELEASE anterior a 12.0-RELEASE-p10, versi\u00f3n 11.3-STABLE anterior a r350829, versi\u00f3n 11.3-RELEASE anterior a 11.3-RELEASE-p3, y versi\u00f3n 11.2-RELEASE anterior a 11.2-RELEASE-p14, una falta de comprobaci\u00f3n en la funci\u00f3n para organizar los datos en una cadena de mbufs podr\u00eda causar que los datos devueltos no sean contiguos. Las comprobaciones adicionales en la pila de IPv6 podr\u00edan detectar la condici\u00f3n de error y desencadenar un p\u00e1nico del kernel, conllevando a una denegaci\u00f3n de servicio remoto.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"3ACD1D8D-B3BC-4E99-B846-90A4071DB87B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:p10:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A8A5CDA-E099-47BA-A0C0-2F79C0432156\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:p11:*:*:*:*:*:*\",\"matchCriteriaId\":\"9AF6EBB1-EADE-41E2-A47B-0EC20F0C9899\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:p12:*:*:*:*:*:*\",\"matchCriteriaId\":\"63721E89-F453-423F-B34B-07B44C85A052\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:p13:*:*:*:*:*:*\",\"matchCriteriaId\":\"34134EDA-127A-48E2-B630-94DEF14666A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"699FE432-8DF0-49F1-A98B-0E19CE01E5CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"20B06752-39EE-4600-AC1F-69FB9C88E2A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"22365F7C-2B00-4B61-84E8-EFBA3B8CFDC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"E86CD544-86C4-4D9D-9CE5-087027509EDA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:p6:*:*:*:*:*:*\",\"matchCriteriaId\":\"64E47AE7-BB45-428E-90E9-38BFDFF23650\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:p7:*:*:*:*:*:*\",\"matchCriteriaId\":\"586B9FA3-65A2-41EB-A848-E4A75565F0CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:p8:*:*:*:*:*:*\",\"matchCriteriaId\":\"1164B48E-2F28-43C5-9B7B-546EAE12E27D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:p9:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0B15B89-3AD2-4E03-9F47-DA934702187B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"528F64CB-7A82-45C0-87CD-74EB975CC0BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.3:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"F35957CE-AF9F-40CA-BDD1-FA6A0E73783F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.3:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA929713-B797-494A-853D-C121D9D69519\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.3:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C3D8EDC-91D3-45B2-AC1D-EF4346D4A714\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.3:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA5006FF-06A5-4D95-BF5B-29F26248D11F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"826B53C2-517F-4FC6-92E8-E7FCB24F91B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.0:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"93F10A46-AEF2-4FDD-92D6-0CF07B70F986\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.0:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4029113-130F-4A33-A8A0-BC3E74000378\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.0:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"46C5A6FD-7BBF-4E84-9895-8EE14DC846E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.0:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D71D083-3279-4DF4-91E1-38C373DD062F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.0:p8:*:*:*:*:*:*\",\"matchCriteriaId\":\"3070787D-76E1-4671-B99D-213F7103B3A2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FE996B1-6951-4F85-AA58-B99A379D2163\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/154170/FreeBSD-Security-Advisory-FreeBSD-SA-19-22.mbuf.html\",\"source\":\"secteam@freebsd.org\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://seclists.org/bugtraq/2019/Aug/33\",\"source\":\"secteam@freebsd.org\",\"tags\":[\"Exploit\",\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://security.FreeBSD.org/advisories/FreeBSD-SA-19:22.mbuf.asc\",\"source\":\"secteam@freebsd.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.FreeBSD.org/advisories/FreeBSD-SA-19:22.mbuf.asc\",\"source\":\"secteam@freebsd.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20190910-0002/\",\"source\":\"secteam@freebsd.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/154170/FreeBSD-Security-Advisory-FreeBSD-SA-19-22.mbuf.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://seclists.org/bugtraq/2019/Aug/33\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://security.FreeBSD.org/advisories/FreeBSD-SA-19:22.mbuf.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.FreeBSD.org/advisories/FreeBSD-SA-19:22.mbuf.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20190910-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.